CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
Base
What it is
The product uses CRLF (carriage return, line feed) sequences as a special element, e.g. to separate lines or records, but it does not neutralize, or incorrectly neutralizes, CRLF sequences in its inputs.
Impact
| Scope | Impact |
|---|---|
| Integrity | Modify Application Data |
Mitigations
- [Implementation] Avoid using CRLF as a special sequence.
- [Implementation] Appropriately filter or quote CRLF sequences in user-controlled input.
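The two mitigations above map to two code patterns: reject CR and LF outright where the sink is a line-delimited protocol (HTTP headers, SMTP headers), or escape them where the input must be preserved (log records). The block below is an added illustration, not code from the CWE entry; the header builder, log escaper and the tiny header parser used to show what a receiver would see are all assumed helpers, and the tainted value is constructed for the demonstration.

```python
import re

# Characters that start a new line or record in CRLF-delimited formats.
# CR and LF are rejected individually: many parsers accept a bare LF as a
# line end, so filtering only the exact "\r\n" pair is not enough.
_LINE_BREAK = re.compile(r"[\r\n]")


def build_header_vulnerable(name: str, value: str) -> str:
    """Vulnerable pattern: user input is written straight into a
    CRLF-delimited header block (the CWE-93 weakness)."""
    return f"{name}: {value}\r\n"


def build_header_safe(name: str, value: str) -> str:
    """Hardened pattern: refuse any CR or LF in either field before it
    reaches the line-oriented sink (mitigation: filter CRLF from input).
    Callers must decode percent-encoding (%0d%0a) before this check,
    otherwise only literal characters are seen."""
    for part in (name, value):
        if _LINE_BREAK.search(part):
            raise ValueError(f"line break in header field: {part!r}")
    return f"{name}: {value}\r\n"


def escape_for_log(value: str) -> str:
    """Quote rather than reject: keep the input but make line breaks
    visible, so a single log write cannot become two forged records
    (mitigation: quote CRLF sequences)."""
    return value.replace("\r", "\\r").replace("\n", "\\n")


def parse_header_block(raw: str) -> list[tuple[str, str]]:
    """Minimal 'Name: value' per-line parser, used only to show how a
    receiver interprets the bytes each builder produced."""
    records = []
    for line in _LINE_BREAK.split(raw):
        if not line:
            continue
        name, _, value = line.partition(":")
        records.append((name.strip(), value.strip()))
    return records


def demo() -> dict:
    # Constructed attacker-controlled value: a plausible user agent followed
    # by a CRLF and a second, forged header field.
    tainted = "Mozilla/5.0\r\nX-Forged: yes"

    # The vulnerable builder lets the receiver see two headers, not one.
    leaked = parse_header_block(build_header_vulnerable("User-Agent", tainted))

    # The hardened builder refuses the value entirely.
    try:
        build_header_safe("User-Agent", tainted)
        rejected = False
    except ValueError:
        rejected = True

    return {
        "vulnerable_records": leaked,
        "safe_rejected": rejected,
        "log_field": escape_for_log(tainted),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

Rejecting is the right choice for protocol headers, since no legitimate header value contains a line break; escaping suits logs, where the goal is that the record stays one record and the injected bytes remain visible to an analyst. Python's own http.client applies the rejecting approach and raises ValueError for CR or LF in a header value, so the check above is a defense-in-depth layer rather than the only one.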
Real-world CVE examples
- CVE-2002-1771 — CRLF injection enables a spam proxy (adding mail headers) via the email address or name.
- CVE-2002-1783 — CRLF injection in API function arguments modifies headers of outgoing requests.
- CVE-2004-1513 — Spoofed entries in a web server log file via carriage returns.
- CVE-2006-4624 — Chain: inject fake log entries with fake timestamps using CRLF injection.
- CVE-2005-1951 — Chain: application accepts CRLF in an object ID, allowing HTTP response splitting.
- CVE-2004-1687 — Chain: HTTP response splitting via CRLF in a parameter related to the URL.
Source: MITRE CWE (cwe.mitre.org).